Personalization implementation for mobile apps with authorization

Expected architecture setup of your system

• mobile app has registration with log-in and log-out functionality
• (optional) mobile app has user sessions (logged-in user session expires after some time)
• backend handles authorization process - your platform contains unique IDs of end users
• you use Infobip's web portal or push API for targeting users over push by their unique IDs or by tags / segments they belong to

Implementation flow

Every installation of a mobile app generates a new push registration ID. The ID should be linked to a unique person ID when a mobile app makes an authorize/register/log-in API call to your backend.

Recommended Personalization flow implementation

1. Subscribe to MMNotificationRegistrationUpdated event and wait for its invocation -> that's the time when library gets connected to Infobip's backend (push registration ID is generated)

2. When a user successfully performs registration / log in -> you need to implement a personalize call with the forceDepersonalize = false parameter over a mobile app or a backend API. In this case, it is assumed that until the moment of login a device is owned by an anonymous person and there is no authorization session in the application. The personalize call adds a unique ID and additional information to the user profile.

   If your app has a scenario where a user can log in to their account while the app still has a session with another user, you need to link that device to a new person and simultaneously unlink the device from the previous person. So that when a user performs registration / login and the user ID is different from what was connected to the device, you need to implement a personalize call with the parameter forceDepersonalize = true over a mobile app or a backend API.

3. When a user performs an explicit log out -> implement a depersonalize call over a mobile app or a backend API. A depersonalize call detaches user data (IDs and other personal data) from a device and connects it to an anonymous profile.

4. For applications with user sessions, keep a user's device personalised while a user's session has not expired. That will keep the possibility of sending messages targeted to the user. Also, when an authorised user with an active session updates an application with the Infobip SDK for the first time, you need to personalize that device and link it to the authorised user. To do this, listen to the MMNotificationRegistrationUpdated event and once it comes perform a personalize call with the parameter, forceDepersonalize = true over a mobile app or a backend API. When a user session has expired and another user might use the app -> call depersonalize over a mobile app or a backend API to avoid sending messages targeted to a previous user.

Person with multiple devices

Our Mobile Messaging SDK, together with the Infobip Customer Data Platform (CDP) connects multiple devices logged in / personalized with the same User ID to the same persona. Once you implement the above-mentioned flow, push notifications sent to a user by default will be targeted to all devices connected to that person. However, you can set a device as Primary to send mobile push notifications to primary devices only. To target a single primary device of a person using a unique ID, set at least one device as Primary over a mobile app or a backend API. When sending a mobile push over the Send push API, set the parameter targetOnlyPrimaryDevices: true.

---

If you would like to restrict personal data updates or access to it from a mobile app and have limitations enabled on the Application profile, use only banked API calls in the recommended flow described above. This approach is recommended for financial organizations and other apps operating with sensitive data. Below, is a diagram describing the implementation for user identification and device management over the backend.